Configure the CSRF Protection With Spring Security 6 and Angular

preview_player
Показать описание
In this video I will implement the CSRF protection in both a Spring Boot application with Spring Security 6 and in the frontend with Angular.

I will build both projects from scratch and add the CSRF protection. I will use a stateful authentication in the backend, with cookies.

Chapters:
0:00:00 Introduction
0:02:30 Backend creation
0:07:48 CORS configuration
0:09:30 Frontend creation
0:13:16 Request the backend
0:18:47 Submit form
0:26:57 Spring Security Configuration
0:33:50 Login Form
0:41:58 HTTP client wrapper
0:45:36 CSRF Token
0:50:00 Demo
0:50:52 Conclusion

  1. The Dev World - by Sergio Lema
  2. java
  3. spring boot
  4. spring security
  5. angular
  6. csrf
Рекомендации по теме
Configure the CSRF 0:51:54

Configure the CSRF Protection With Spring Security 6 and Angular

Your App Is 0:09:57

Your App Is NOT Secure If You Don’t Use CSRF Tokens

The CSRF Protection 0:08:08

The CSRF Protection with Spring Security | Spring Boot Backend #3.5

Configuring CSRF protection 0:03:05

Configuring CSRF protection (11.x -16.0.x)

#31 Spring Security 0:17:56

#31 Spring Security | CSRF Token

Cross-site request forgery 0:17:20

Cross-site request forgery | How csrf Token Works

How To Circumvent 0:08:01

How To Circumvent CSRF Protection!

Configure CSRF protection 0:02:33

Configure CSRF protection for BIG-IP 16.1.0 and later

Cross-Site Request Forgery 0:06:31

Cross-Site Request Forgery (CSRF) Explained And Demonstrated By A Pro Hacker!

Spring Security - 0:28:46

Spring Security - setting up CORS and CSRF protection with demo - Fullstack Project

FreshVotes 14 - 0:15:45

FreshVotes 14 - Enabling CSRF Protection

How does Anti 0:05:57

How does Anti CSRF tokens function?

CSRF Protection with 0:16:21

CSRF Protection with PHP

How To Protect 0:04:18

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

Cross-Site Request Forgery 0:14:11

Cross-Site Request Forgery (CSRF) Explained

What Is a 0:08:54

What Is a CSRF Attack and How Do You Prevent It?

Cross-Site Request Forgery 0:11:59

Cross-Site Request Forgery (CSRF) Explained

CSRF Protection 0:26:04

CSRF Protection

Deep dive into 0:01:54

Deep dive into Rails Cross-Site Request Forgery (CSRF) Protection | Preview

PHP Security Tutorial: 0:10:00

PHP Security Tutorial: Cross-Site Request Forgery (CSRF) Protection

Beautiful Slim CSRF 0:08:04

Beautiful Slim CSRF Protection: CSRF basics (and problems) (3/4)

Secure Your Angular 0:00:37

Secure Your Angular App with CSRF Protection #AngularSecurity

Explaining CSRF and 0:08:28

Explaining CSRF and how to enable CSRF Filtering inAEM

Flask CSRF Protection 0:05:17

Flask CSRF Protection

Комментарии
Автор

Great video! I'm using spring with CSRF disable since I can remember 😆

ferlezcano
Автор

excellent content!! I'm ont from a anglophone country but i understand without problemes

fabricemissidi
Автор

Hi, this was an amazing video on this subject.Havent seen anyone to explain how it works till now.Still i have one question remaining .From where can i learn about spring security in depth.Would be great if you can provide me some links for some resources.Thanks!

stefanfrusinoiu
Автор

Please help me!

I have permitted all endpoints using permitAll(), but only GET methods are accessible, whereas POST methods return a FORBIDDEN error " You don't have permission to access this".
If I disable CSRF in the SecurityFilterChain, then POST methods without parameters can be accessed, but if there are parameters, they still return a FORBIDDEN error

tryit
Автор

Hi, great video!! Although I still get the 403 Forbidden issue after implementing the same code as shown in video. I'm developing one angular library for which I have the Spring boot layer for all the back-end calls. I don't require the login security as it's already there for Main app, I just need the CSRF validation for api calls. Awaiting your response 😊

rajputADITYA_
Автор

but, how to secure endpoint that generate csrf token?

mhmmdnaufall
Автор

I don’t understand why the csrf was disabled in the SecurityConfig?

Our security team has pointed out that it should not be disabled in Security Config

dew_reddit
Автор

Thanks for this. i have one question: how can i test my backend with postman if i have csrf enabled? i tried getting first csrf token, but when i make post call, the csrf token of server is anredy changed..

emerk
Автор

If i will put all these codes into wordpress will it still work? I struggle to find a tutorial that could explain whole coding system behind it and i just want to secure my website

gameshow
Автор

how to set up with csrf repository for new token each request can you provide me any article for that.

sanamudash
Автор

If a backend application hosted in multiple servers, how CSRF token will be validated?

praveenpotnuru
Автор

Hi could u please a authentification with token and security in the url and verification send mail with spring and angular please ??

zayedh
Автор

Why did you use here webMvcConfigurer? In other video you said to use Cors if we are using spring security: "If you use Spring Security, it's recommended to use this way instead of WebMvcConfigurer. This way, a CorsFilter is put in place which intercepts all the requests. With WebMvcConfigurer, not all the requests are intercepted, only those from the MVC Web."

TheMrBazil
Автор

Hi man, great video! However, I facing some troubles, can you help me?

gustavosantos
Автор

excellent video!
however, the RestController "CsrfToken getCsrfToken(CsrfToken csrfToken)" fires an exception :
No primary or single unique constructor found for interface
Any idea to get around ?
Java 17
Spring Security 6.3.3

mohamedbanaouas